White House’s review finds no Huawei spying

STILL RISKY:US officials emerged from the review worried about what would happen if China asked Huawei for assistance in gathering intelligence

Reuters, SAN FRANCISCO

“If the Chinese government approached them, why would they say no, given their system?” Johnson said.

Preventing state spying through technology is a high priority for US President Barack Obama’s administration, which is lobbying for legislation to raise private-sector security standards and readying a more limited executive order along those lines.

Reuters interviews with more than a dozen current and former US government officials and contractors found nearly unanimous agreement that Huawei’s equipment poses risks: The company could send software updates that siphon off vast amounts of communications data or shut them down in times of conflict.

More than anything else, cyber experts complained about what they said was poor programming that left Huawei equipment more open than that of rivals to hacking by government agents or third parties.

“We found it riddled with holes,” said one of the people familiar with the White House review.

At a conference in Kuala Lumpur last week, Felix Lindner, a leading expert in network equipment security, said he had discovered multiple vulnerabilities in Huawei’s routers.

“I’d say it was five times easier to find one in a Huawei router than in a Cisco one,” Lindner said.

Lindner, who spent months investigating Huawei code, said the vulnerabilities appeared to be the result of sloppy coding and poor procedures, rather than any deliberate attempt at espionage. Huawei is looking into his findings, he said.

However, some in the US government have said the alleged poor security practices at Huawei could be a deliberate cover for future attacks. One computer scientist, who helped conduct classified US government research on Huawei routers and switches four to six years ago, said he had found “back doors” that his team believed were inserted with care.